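I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.

I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false until you call channelSet.login().

What I want to do:

  • Check from Flex to know whether a user is already in a session.
  • If so, I want their username and roles.

  • Update
    I just thought I'd add details of the solution I used, from brd6644's answer below, so that it might be easier for anyone else who looks this up. I used this StackOverflow answer to make the SecurityContext injectable. I won't rewrite the code from that answer here, so go look at it for SecurityContextFacade.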

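    SecurityServiceImpl.java
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    // Spring Security 2.x packages (getAuthorities() returns an array in that line)
    import org.springframework.security.Authentication;
    import org.springframework.security.GrantedAuthority;
    import org.springframework.security.annotation.Secured;
    import org.springframework.security.context.SecurityContext;
    import org.springframework.security.userdetails.UserDetails;

    // SecurityContextFacade is the interface from the linked StackOverflow answer
    public class SecurityServiceImpl implements SecurityService {
        private SecurityContextFacade securityContextFacade;

        // Setter used by the <property name="securityContextFacade"> injection
        public void setSecurityContextFacade(SecurityContextFacade securityContextFacade) {
            this.securityContextFacade = securityContextFacade;
        }

        // Method security rejects callers without ROLE_PEON before this body runs
        @Secured({"ROLE_PEON"})
        public Map<String, Object> getUserDetails() {
            Map<String, Object> userSessionDetails = new HashMap<String, Object>();

            SecurityContext context = securityContextFacade.getContext();
            Authentication auth = context.getAuthentication();
            UserDetails userDetails = (UserDetails) auth.getPrincipal();

            // Send only the role names to the client, not the principal object
            List<String> roles = new ArrayList<String>();
            GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
            for (int i = 0; i < grantedRoles.length; i++) {
                roles.add(grantedRoles[i].getAuthority());
            }

            userSessionDetails.put("username", userDetails.getUsername());
            userSessionDetails.put("roles", roles);
            return userSessionDetails;
        }
    }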
    

    securityContext.xml
    <security:http auto-config="true"> 
        <!-- Don't authenticate Flex app --> 
        <security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
        <!-- Don't authenticate remote calls --> 
        <security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 
    </security:http> 
     
    <security:global-method-security secured-annotations="enabled" /> 
     
    <bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl"> 
        <property name="securityContextFacade" ref="securityContextFacade" /> 
    </bean> 
    <bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" /> 
    

    flexContext.xml
    <flex:message-broker> 
        <flex:secured /> 
    </flex:message-broker> 
     
    <flex:remoting-destination ref="securityService" /> 
    <!-- "none" turns off session-fixation protection: the session is not migrated at login -->
    <security:http auto-config="true" session-fixation-protection="none"/>
    

    FlexSecurityTest.mxml
    <mx:Application ... creationComplete="init()"> 
     
        <mx:Script><![CDATA[ 
            [Bindable] 
            private var userDetails:UserDetails; // custom VO to hold user details 
     
            private function init():void { 
                security.getUserDetails(); 
            } 
     
            private function showFault(e:FaultEvent):void { 
                if (e.fault.faultCode == "Client.Authorization") { 
                    Alert.show("You need to log in."); 
                    // show the login form 
                } else { 
                    // submit a ticket 
                } 
            } 
            private function showResult(e:ResultEvent):void { 
                userDetails = new UserDetails(); 
                userDetails.username = e.result.username; 
                userDetails.roles = e.result.roles; 
                // show user the application 
            } 
        ]]></mx:Script> 
     
        <mx:RemoteObject id="security" destination="securityService"> 
            <mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" /> 
        </mx:RemoteObject> 
     
        ... 
    </mx:Application> 
    

    Please refer to the following approach:

    If you use Spring BlazeDS Integration, you can implement the getUserDetails method using org.springframework.flex.security.AuthenticationResultUtils.

    public Map<String, Object> getUserDetails() {
        return AuthenticationResultUtils.getAuthenticationResult();
    }
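An added example, not part of the original question or answer: a session-status method that reports `authenticated=false` for an anonymous or missing authentication instead of faulting, and reads the name and roles from the `Authentication` itself so no cast to `UserDetails` is needed. It assumes the Spring Security 2.x API used in the question's code; `SessionStatusService` and `getSessionStatus` are hypothetical names.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

// Hypothetical service; it would be exposed to Flex the same way as
// securityService, through a <flex:remoting-destination>.
public class SessionStatusService {

    // Deliberately not @Secured: a caller without a login gets a normal
    // result with authenticated=false rather than a Client.Authorization fault.
    public Map<String, Object> getSessionStatus() {
        Map<String, Object> status = new HashMap<String, Object>();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // The anonymous filter installs a token that reports isAuthenticated() == true,
        // so it has to be excluded explicitly.
        boolean loggedIn = auth != null
                && auth.isAuthenticated()
                && !(auth instanceof AnonymousAuthenticationToken);
        status.put("authenticated", Boolean.valueOf(loggedIn));
        if (!loggedIn) {
            return status; // no username or roles for anonymous callers
        }

        // getName() works whether the principal is a UserDetails or a plain String.
        status.put("username", auth.getName());

        // Copy only the authority strings; the principal object (which can carry
        // the password field) never leaves the server.
        List<String> roles = new ArrayList<String>();
        GrantedAuthority[] granted = auth.getAuthorities();
        if (granted != null) {
            for (int i = 0; i < granted.length; i++) {
                roles.add(granted[i].getAuthority());
            }
        }
        // These role names are for driving the Flex UI only; access decisions
        // stay with @Secured on the server-side methods.
        status.put("roles", roles);
        return status;
    }
}
```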
    

